[FFmpeg-cvslog] avfilter/af_pan: check nb_output_channels before use

[Michael Niedermayer]

ffmpeg | branch: release/4.3 | Michael Niedermayer <michael at niedermayer.cc> | Mon Jun 10 23:41:07 2024 +0200| [81fbeedd1b27f9bfa767ca87cd00198c32d1302f] | committer: Michael Niedermayer

avfilter/af_pan: check nb_output_channels before use

Fixes: CID1500281 Out-of-bounds write
Fixes: CID1500331 Out-of-bounds write

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5fe8bf4aa51350b14d0babd47b0314232e703caf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=81fbeedd1b27f9bfa767ca87cd00198c32d1302f
---

 libavfilter/af_pan.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
index 6924d1c721..b74854afcf 100644
--- a/libavfilter/af_pan.c
+++ b/libavfilter/af_pan.c
@@ -126,6 +126,14 @@ static av_cold int init(AVFilterContext *ctx)
     if (ret < 0)
         goto fail;
 
+    if (pan->nb_output_channels > MAX_CHANNELS) {
+        av_log(ctx, AV_LOG_ERROR,
+               "af_pan supports a maximum of %d channels. "
+               "Feel free to ask for a higher limit.\n", MAX_CHANNELS);
+        ret = AVERROR_PATCHWELCOME;
+        goto fail;
+    }
+
     /* parse channel specifications */
     while ((arg = arg0 = av_strtok(NULL, "|", &tokenizer))) {
         int used_in_ch[MAX_CHANNELS] = {0};